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Abstract. The existence of a (p-)optimal propositional proof system is a major open 
question in (proof) complexity; many people conjecture that such systems do not exist. 
Kraji'cek and Pudlak [KP89] show that this question is equivalent to the existence of an 
algorithm that is optima^ on all propositional tautologies. Monroe [Mon09) recently gave 
a conjecture implying that such algorithm does not exist. 

We show that in the presence of errors such optimal algorithms do exist. The concept 
is motivated by the notion of heuristic algorithms. Namely, we allow the algorithm to 
claim a small number of false "theorems" (according to any polynomial-time samplable 
distribution on non-tautologies) and err with bounded probability on other inputs. 

Our result can also be viewed as the existence of an optimal proof system in a class of 
proof systems obtained by generalizing automatizable proof systems. 



1. Introduction 

Given a specific problem, does there exist the "fastest" algorithm for it? Does there exist 
a proof system possessing the "shortest" proofs of the positive solutions to the problem? 
Although the first result in this direction was obtained by Levin [Lev73] in 1970s, these 
important questions are still open for most interesting languages, for example, the language 
of propositional tautologies. 
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Classical version of the problem. According to Cook and Reckhow |CR79] . a proof system 
is a polynomial-time mapping of all strings ("proofs") onto "theorems" (elements of cer- 
tain language L; if L is the language of all propositional tautologies, the system is called a 
propositional proof system). The existence of a polynomially hounded propositional proof 
system (that is, a system that has a polynomial-size proof for every tautology) is equiva- 
lent to NP = co-NP. In the context of polynomial boundedness a proof system can be 
equivalently viewed as a function that given a formula and a "proof" , verifies in polynomial 
time that a formula is a tautology: it must accept at least one "proof" for each tautology 
{completeness) and reject all proofs for non-tautologies (soundness). 

One proof system 11^^, is simulated by another one if the shortest proofs for every 
tautology in are at most polynomially longer than the shortest proofs in n^„. The 
notion of p-simulation is similar, but requires also a polynomial-time computable function 
for translating the proofs from 11^ to 11^. A (p-)optimal propositional proof system is one 
that (p-)simulates all other propositional proof systems. 

The existence of an optimal (or p-optimal) propositional proof system is a major open 
question. If one would exist, it would allow to reduce the NP vs co-NP question to 
proving proof size bounds for just one proof system. It would also imply the existence of 
a complete disjoint NP pair |Raz94t [Pud03] . Krajicek and Pudlak |KP89] show that the 
existence of a p-optimal system is equivalent to the existence of an algorithm that is optimal 
on all propositional tautologies, namely, it always solves the problem correctly and it takes 
for it at most polynomially longer to stop on every tautology than for any other correct 
algorithm on the same tautology. Monroe [Mon09] recently gave a conjecture implying that 
such algorithm does not exist. Note that Levin |Lev73j showed that an optimal algorithm 
does exist for finding witnesses to non-tautologies; however, (1) its behaviour on tautologies 
is not restricted; (2) after translating to the decision problem by self-reducibility the running 
time in the optimality condition is compared to the running time for all shorter formulas 
as well. 

An automatizable proof system is one that has an automatization procedure that given 
a tautology, outputs its proof of length polynomially bounded by the length of the shortest 
proof in time bounded by a polynomial in the output length. The automatizability of a 
proof system 11 implies polynomial separability of its canonical NP pair |Pud03) . and the 
latter implies the automatizability of a system that p-simulates 11. This, however, does not 
imply the existence of (|?-)optimal propositional proof systems in the class of automatizable 
proof systems. To the best of our knowledge, no such system is known to the date. 

Proving propositional tautologies heuristically. An obvious obstacle to constructing an op- 
timal proof system by enumeration is that no efficient procedure is known for enumerating 
the set of all complete and sound proof systems. Recently a number of papers overcome 
similar obstacles in other settings by considering either computations with non-uniform 
advice (see [FS06] for survey) or heuristic algorithms |FS04^ iPerO?! Ilts09] . In particular, 
optimal propositional proof systems with advice do exist |CK07j . We try to follow the 
approach of heuristic computations to obtain a "heuristic" proof system. While our work is 
motivated by propositional proof complexity, i.e., proof systems for the set of propositional 
tautologies, our results apply to proof systems for any recursively enumerable language. 

We introduce a notion of a randomized heuristic automatizer (a randomized semideci- 
sion procedure that may have false positives) and a corresponding notion of a simulation. 
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Its particular deterministic automatizer (making no errors) for language L, along 

with deterministic simulations, can be viewed in two ways: 

• as an automatizable proof system for L (note that such proof system can be iden- 
tified with its automatization procedure; however, it may not be the case for ran- 
domized algorithms, whose running time may depend on the random coins), where 
simulations are p-simulations of proof systems; 

• as an algorithm for L, where simulations are simulations of algorithms for L in the 



Given x S L, an automatizer must return 1 and stop. The question (handled by 
simulations) is how fast it does the job. For x ^ L, the running time does not matter. 
Given x ^ L, a deterministic automatizer simply must not return 1. A randomized heuristic 
automatizer may erroneously return 1; however, for "most" inputs it may do it only with 
bounded probability ("good" inputs). The precise notion of "most" inputs is: given an 
integer parameter d and a sampler for L, "bad" inputs must have probability less than 1/d 
according to the sampler. The parameter d is handled by simulations in the way such that 
no automatizer can stop in time polynomial in d and the length of input unless an optimal 
automatizer can do that. 

In Sect. Owe give precise definitions. In Sect. [3] we construct an optimal randomized 
heuristic automatizer. In Sect. H] we give a notion of heuristic probabilistic proof system 
and discuss the relation of automatizers to such proof systems. 

2. Preliminaries 

2.1. Distributional proving problems 

In this paper we consider algorithms and proof systems that allow small errors, i.e., 
claim a small amount of wrong theorems. Formally, we have a probability distribution 
concentrated on non-theorems and require that the probability of sampling a non-theorem 
accepted by an algorithm or validated by the system is small. 

Definition 2.1. We call a pair {D,L) a distributional proving problem if D is a collection 
of probability distributions concentrated on L n {0, l}". 

In what follows we write Ptx-(^d„ to denote the probability taken over x from such 
distribution, while Pr^ denotes the probability taken over internal random coins used by 
algorithm A. 

2.2. Automatizers 

Definition 2.2. A {\,e)-correct automatizer for distributional proving problem {D,L) is 
a randomized algorithm A with two parameters x G {0, 1}* and d € N that satisfies the 
following conditions: 

(1) A either outputs 1 (denoted A{. ..) = !) or does not halt at all (denoted A{. . .) = oo); 

(2) For every x e L and d G N, A{x, d) = 1. 

(3) For every n, d G N, 



sense of |KP89j . 
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Here A > is a constant and e > may depend on the first input (x) length. An automatizer 
is a (1, |)-correct automatizer. 

Remark 2.3. For recursively enumerable L, conditions [T] and [2] can be easily enforced at 
the cost of a slight overhead in time by running L's semidecision procedure in parallel. 

In what follows, all automatizers are for the same problem (D,L). 

Definition 2.4. The time spent by automatizer A on input (x, d) is defined as the median 
time 

tA{x, d) = min <|t € N Vt{A{x, d) stops in time at most t} > 
We will also use a similar notation for "probability p time" : 

t^^(x, d) = min |t € N Pr{^(a;, d) stops in time at most i} >p 

Definition 2.5. Automatizer S simulates automatizer W if there are polynomials p and q 
such that for every x G L and (i G N, 

ts{x, d) < max p{tw{x., d') ■ \x\ ■ d). 

d' <q{d-\x\) 

Definition 2.6. An optimal automatizer is one that simulates every other automatizer. 

Definition 2.7. Automatizer A is polynomially hounded if there is a polynomial p such 
that for every x (z L and every d € N, 

iyl(x, d) < p{d ■ \x\). 

The following proposition follows directly from the definitions. 

Proposition 2.8. 

(1) IfW is polynomially bounded and is simulated by S, then S is polynomially bounded 
too. 

(2) An optimal automatizer is not polynomially bounded if and only if no automatizer 
is polynomially bounded. 



3. Optimal automatizer 

The optimal automatizer that we construct runs all automatizers in parallel and stops 
when the first of them stops (recall Levin's optimal algorithm for SAT |Lev73j ) . A major 
obstacle to this simple plan is the fact that it is unclear how to enumerate all automatizers 
efficiently (put another way, how to check whether a given algorithm is a correct automa- 
tizer). The plan of overcoming this obstacle (similar to constructing a complete public- key 
cryptosystem |HKN+05] (see also [GHP09])) is as follows: 

• Prove that w.l.o.g. a correct automatizer is very good: in particular, amplify its 
probability of success. 

• Devise a "certification" procedure that distinguishes very good automatizers from 
incorrect automatizers with overwhelming probability. 

• Run all automatizers in parallel, try to certify automatizers that stop, and halt 
when the first automatizer passes the check. 

The amplification is obtained by repeating and the use of Chernoff bounds. 
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Proposition 3.1 (ChernofF bounds (see, e.g., [MR95[ Chapter 4])). 

Let Xi, X2, ■ ■ ■ , Xn G {0, 1} be independent random variables. Then if X is the sum of Xi 
and if fi is E[X], for any 5, < S <1: 

Fr{X < (1 - 5)fi} < e-'^^'/^^ Pr{X > (1 + 5)fi} < e''^^'/^ 

Corollary 3.2. Let Xi, X2, ■ ■ ■ , Xn S {0,1} be independent random variables. Then if X 
is the sum of Xi and if 1 > Hi > E[X] > ^2 > 0, for any 6, < S < 1: 

Fi{X < (1 - S)H2} < e-'^^^Va^ p^j^ > + j)^ j < e-^^^'/^^. 

Lemma 3.3 (amplification). Every automatizer W is simulated by a {^,e~"^/^^)- correct 
automatizer S, where m S N may depend at most polynomially on d ■ \x\ (for input {x,d)). 
Moreover, there are polynomials p and q such that for every x ^ L and d G N, 

ta (x,d) < max p(tw(x,d )). (3.1) 

d'<q{d-\x\) 

Proof. S{x, d) runs m copies of W{x, Ad) in parallel and stops as soon as the | fraction of 
copies stop. 

By Chernoff bounds, S is (4, e~™/'*^)-correct. The "strong" simulation condition 
(j3.ip is satisfied because by ChernofF bounds the running time of the fastest | fraction of 
executions is less than median time with probability at least 1 — e"™/^"^. ■ 

Theorem 3.4 (optimal automatizer). Let {D,L) be a distributional proving problem, where 
L is recursively enumerable and D is polynomial-time samplable, i.e., there is a polynomial- 
time randomized Turing machine that given 1" on input outputs x with probability Dn{x) 
for every x G {0,1}" . Then there exists an optimal automatizer for (D,L). 

Proof. For algorithm A, we say that it is (A, e)-correct for input length n and parameter d 
if it it satisfies condition [3] of Definition 12.21 for n and d. If an algorithm is (A, e)-correct for 
every n (resp., every d), we omit n (resp., d). 

In order to check an algorithm for correctness, we define a certification procedure that 
takes an algorithm A and distinguishes between the cases where A is (4, » )-correct 

° ° ^ ' ISd log^ n ' 

for given n,d (from Lemma 13.31 we know that one can assume such correctness) or it is not 
(li ,} -1 )-correct ((1, -.^ -x )-correct automatizers suffice for the correctness of further 
constructions). W.l.o.g. we may assume that 

A satisfies conditions [T] and [2] of Definition 12.21 (3-2) 

(for the latter condition, notice that L is recursively enumerable and one may run its 
semidecision procedure in parallel). 

The certification procedure has a subroutine Test that estimates the probability of A^s 
error simply by repeating A and couting its faults. 

TEST(^,x,d',r,/,/): 

(1) Repeat for each i G {1, . . . , /} 

(a) If A{x,d') stops in T steps, let a = 1; otherwise let Cj = 0. 

(2) If c,; > ///, then reject; otherwise accept. 

Lemma 3.5. For every A, x, d' , T, /, /, 



458 



E. A. HIRSCH AND D. ITSYKSON 



(1) If A{x,d') stops with probability less than yoTJ' then Test will reject it with prob- 

I 

ability less than e s.os-io*./ _ 

(2) If A{x,d') stops in time at most T with probability more than q-^, then Test will 

accept it with probability less than e ^-lo^-/ 
Proof. Follows directly from Chernoff bounds. ■ 

CERTiFY(^,n,d',r,/c,/,/): 

(1) Repeat for each i £ {1, . . . ,k} 

(a) Generate Xi according to Dn. 

(b) If Test(A, Xi, d', T, I, f) rejects, let 6j = 1; otherwise let 6j = 0. 

(2) If bi > k/{2d'), then reject; otherwise accept. 

Lemma 3.6. Let d,n,T € N. Let A be an algorithm pretending to be an automatizer. Run 

Certify(^, n, d', T, k, I, /). 

Then 

(1) // A is (4, Y^jj)- correct, then A is accepted by Certify almost for sure, failing 

k ' 

with probability less than e vm! + k ■ e 3.03104./ _ 

(2) Let A^ be a restricted version of A that behaves similarly to A for T steps and enters 
an infinite loop afterwards. If A^ is not (1, gg j: ) -correct for length n and parameter 

— ' 

d, then A is accepted by Certify with probability less than e + A; • e ^-lo^./ 

Proof 1. Let A = {x e ImDn \ Pr{^(x, d) = 1} > roTT/}- assumption, Dn{A) < 

The certification procedure takes k samples from D„. For every sample Xi e L\A, the 

I 

probability that the corresponding bi equals 1 is less than e s.os-io*./ _ Thus, the probability 

_ I 

that there is a sample Xi from L \ A that yields 6j = 1 is less than k ■ e s.os-ic^./ _ Denote 

this unfortunate event by E. If it does not hold, only samples from A may cause bi = 1 

and by Chernoff's bound 

Pr{Xl^i ^ fc/(2d') I E} < e-^. 

i 

Thus, the total probability of reject is as claimed. 

2. Let A = {x G IraDn \ Pr{^(x, d) = 1} > olgji- assumption, Aj(A) > Jr- 
The certification procedure takes k samples from Dn- For every sample Xi G A, the 

probability that the corresponding bi equals is less than e ^-lo^./ ^ Thus, the probability 

that there is a sample Xi from A that yields 6i = is less than k ■ e ^-W-/ . Denote this 
unfortunate event by E. Assuming it does not hold only samples outside A may cause 
6i = and by Chernoff's bound 

Pr{^6j < k/{2d') I E} < e~^. 
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We now define the optimal automatizer U. It works as follows: 

U{x,d): 

(1) Let 

n = \x\, 

d! = 16(ilog^n, 

/ = l7d\ogln, 

k = 12d'ln(16dlog^n), 

/ = (3.03- 10"^) •/•ln(16A;dlog^n). 

(2) Run the following processes for i E {!,..., log^ n} in parallel: 

(a) Run Ai{x, d'), the algorithm with Turing number i satisfying assumption (j3.2p . 
and compute the number of steps Tj made by it before it stops. 

(b) If CEKTiFY{Ai,n,d',Ti,k,l, f) accepts, 
then output 1 and stop U (all processes). 

(3) If none of the processes has stopped, go into an infinite loop. 

Correctness. We now show that U errs with probability less than 1/4. 

What are the inputs that cause U to error? For every such input x there exists i < log^ n 
such that 

41og^n 

where 

pI. j = Fic{Ai{x, d') stops in exactly t steps}, 

c] = Pr{CERTiFY(Aj, n, d', t, k, I, f) accepts}. 

Let Ei be the set of inputs x ^ L satisfying inequality ()3.3p . 

We claim that D{Ei) < ^^^^ ^ , which suffices to show the (1, l/4)-correctness. 

. _ k ' 

Assume the contrary. Let Tj = min{i | < e~»d^+k-e ^-lo^-/ 1_ Note that by 
Lemma [STUl AJ^ ~ ^ is (1, g^gj)-correct for n and d', i.e.. 
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We omit i and n in the estimations that fohow. Here is how we get a contradiction: 



1 ^ D{E, 



Mlogln 41og^n ^ 41og^n 



oo 



E 

T<T, 



Px,tctD{x) + ^ Px,tctD{x) < 



x4L \T<n 



T>T* 



E 



Px,tD{x) + 



E 



Px,tD{x) 



99/ 



99/ 



1 1 _ fc - ' 

+ — + e sZ+fc-e 2-104./ < 



+ e + A; ■ e a-io^-/ < 

1 1 



0.99/ d' 



+ 



+ 



1 



1 



IGdlog^n IGdlog^n Sdlog^n 4dlog^n 



Simulation. Assume we are give a correct automatizer A'^ . Plug in m = 48 • ln(18(ilog^ n) 
into Lemma [3. 31 The lemma yields that A'^ is "strongly" simulated by a (4, 



1 



I8d logi n ■ 



-correct 



automatizer A. It remains to estimate, for given "theorem" x E L, the (median) running 



(1- 



time of JJ in terms of ^ \x,d) = (isdiog*™) / ^x,d) (as we know that the latter 
is bounded by max p(t^s(x, d')) for a polynomials p and g'). 

ii'<g((i-|xl) 

Since the definition of simulation is asymptotic, we consider only x of length greater 
than the Turing number of A. By Lemma 13.61 A is not certified with probability less than 

_ k ' 1 

g tm^ -|- /j . e 3.03104./ < If ^ certified, U stops in time upper bounded by a 



Sdlog, n 



polynomial of the time spent by A with an overhead polynomial in |x| and d for running 
other algorithms and the certification procedures. Thus the median time tu{x, d) is bounded 



by a polynomial in \x\, d, and 



(-1 I 1 

^ 2 Srflog2 n 



(1^ 



(x,d) < 



(18dlog2 n)3/4 



(x,d). 



4. Heuristic proof systems 

In this section we define proof systems that make errors (claim a small fraction of 
wrong theorems) . We consider automatizable systems of this kind and show that every such 
system defines an automatizer taking time at most polynomially larger than the length of 
the shortest proof in the initial system. This shows that automatizers form a more general 
notion than automatizable heuristic proof systems. The opposite direction is left as an open 
question. 

Definition 4.1. Randomized Turing machine 11 is a heuristic proof system for distributional 
proving problem (D, L) if it satisfies the following conditions. 

(1) The running time of Il{x,w,d) is bounded by a polynomial in d, \x\, and \w\. 
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(2) (Completeness) For every x € L and every (i S N, there exists a string w such that 
Pr{n(x, tf, d) = 1} > |. Every such string w is caUed a Il^'^^-proof of x. 

(3) (Soundness) Fi^^dA^w : Pr{n(x, d) = 1} > 1} < 1. 

Definition 4.2. Heuristic proof system is automatizable if there is a randomized Turing 
machine A satisfying the fohowing conditions. 

(1) For every x E L and every d G N, with probabihty at least ^ algorithm A{x,d) 
outputs a correct II^'^) -proof of size bounded by a polynomial in d, \x\, and \w\, 
where w is the shortest Il^'^^-proof of x. 

(2) The running time of A{x,d) is bounded by a polynomial in \x\, d, and the size of 
its own output. 

Definition 4.3. We say that heuristic proof system Hi simulates heuristic proof system 
112 if there exist polynomials p and q such that for every x G L, the shortest Il^'^^-proof of 
X has size at most 

p(d ■ \x\ ■ max {the size of the shortest Hi -proof of x}). 

d'<q{\x\d) 

Note that this definition essentially ignores proof systems that have much shorter proofs 
for some inputs than the inputs themselves. We state it this way for its similarity to the 
automatizers case. 

Definition 4.4. Heuristic proof system H is polynomially bounded if there exists a polyno- 
mial p such that for every x E L and every d € N, the size of the shortest H^'^) -proof of x is 
bounded hy p{\x\d). 

Proposition 4.5. If heuristic proof system Hi simulates system II2 and II2 is polynomially 
bounded, then Hi is also polynomially bounded. 

We now show how automatizers and automatizable heuristic proof systems are related. 
Consider automatizable proof system (n,74) for distributional proving problem {D,L) 
with recursively enumerable language L. Let us consider the following algorithm AYi(x,d): 

(1) Execute 1000 copies of A{x,d) in parallel. 
For each copy, 

(a) if it stops with result w, then 

• execute n(x, w, d) 10000 times; 

• if there were at least 4000 accepts of H (out of 10000), stop all parallel 
processes and output 1. 

(2) Execute the enumeration algorithm for L; output 1 if this algorithm says that x G L; 
go into an infinite loop otherwise. 

Proposition 4.6. If {Ji,A) is a (correct) heuristic automatizable proof system for recur- 
sively enumerable language L, then An is a correct automatizer for x S L and t^jj(x,(i) is 
bounded by polynomial in size of the shortest Hd-proof of x. 

Proof. Soundness (condition\^ in Def. \2.2\) . Let A„ = {x G L | 3w : Pr{n(x,u),d) = 1} > 
^}. By definition, L'„(A„) < ^. For x G {0,1}" \ A„ and specific w, Chernoff bounds 
imply that n(x, w, d) accepts in 0.4 or more fraction of executions with exponentially small 
probability, which remains much smaller than | even after multiplying by 1000. 

Completeness ( conditions \M and C] in Def. \2.S^) is guaranteed by the execution of the 
semi-decision procedure for L. 
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Simulation. For x G L, the probability that A errs 1000 times is neghgible (at most 
2-1000^ _ Thus with high probabihty at least one of the parallel executions of A{x, d) outputs 
a correct H^-proof of size bounded by a polynomial in the size of the shortest Il^-proof of x. 
For X (z L and (correct) Il^'^^-proof w, Chernoff bounds imply that Il{x,w,d) accepts in at 
least 0.4 fraction of executions with probability close to 1. Therefore, tA^ix, d) is bounded 
by a polynomial in d, and the size of the shortest H^-proof of x. ■ 

5. Further research 

One possible direction is to show that automatizers are equivalent to automatizable 
heuristic proof systems or, at least, that there is an optimal automatizable heuristic proof 
system. That may require some tweak in the definitions, because the first obstacle to proving 
the latter fact is the inability to check a candidate proof system for the non-existence of a 
much shorter (correct) proof than those output by a candidate automatizer. 

Also Krajicek and Pudlak [ KP8 9] and Messner ^Mes99j list equivalent conditions for 
the existence of (deterministic) optimal and p-optimal proof systems. It seems promising 
(and, in some places, challenging) to prove similar statements in the heuristic setting. 
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